Key Points of Delaware’s New Data Breach Notification Law

Delaware recently amended its data breach notification law to include the following requirements:Expanded definition of "personal information" to include biometric data, medical information, passport numbers, routing numbers for accounts, individual taxpayer identification numbers and usernames in addition to the traditional forms of PII such as birth date and social security numbers.Notice to affected individuals within [...]

Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs

The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber's data breach of more than 100,000 individuals' PII despite its promises that their data was "securely stored within our databases." The FTC found this promise was misleading when compared with the actions the company was [...]

OCR Issues Cyberattack Response Checklist and Infographic

The United States Department of Health and Human Services' Office for Civil Rights has just issued a checklist and infographic to aid healthcare organizations and their vendors in quickly responding to cyberattacks.

Does the U.S. Need a Data Protection Authority? (a few of my thoughts)

I had a wonderful discussion about privacy in the US vis-a-vis privacy in the EU with Katherine Teitler (@katherinert15) in connection with her MIS Training Institute article Does the U.S. Need a Data Protection Authority? As with most things, I do not propose to have all of the answers. In fact, in our hour or [...]